Cloud Computing Outlook Weekly Brief
Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Cloud Computing Outlook
Michael A. Clancy, Chief Security Officer, Enterprise Resiliency & Security, Fannie MaeIn thinking of the pandemic, we are reminded that you should not wait for a crisis to make a plan. Stretching the adage further, the start of a crisis is not the time to be meeting your vendor’s leadership team for the first time to compare notes. This is especially true with your security providers. Successfully navigating through a crisis, each with its own unique challenges, requires leveraging established relationships to ensure stability during uncertain times. And as for posing unique challenges, the COVID-19 pandemic is in a class all its own.
With work from home the new norm in many corporate settings, the need for security and safety in the workplace remains paramount. Reduced building occupancy does not diminish overall risk, and instead presents its own set of challenges to manage. Whether it is monitoring fire or intrusion alarms, the array of security tools we deploy during “normal” times remain fundamental as we protect our essential on-site personnel and property. The good news is that many essential security functions,includingretrieving access reports to facilitate contact tracing,running a 24/7 operations center, or tracking threats can be done remotely and efficiently. Success relies ona continuity plan that leverages matured relationships with critical vendors.
The COVID-19 pandemic has been instructive. As a base line, business continuity plans must consider the criticality of third-party security services to ensure uninterrupted coverage, and the continuity manager, to achieve true resiliency, must understand fully the security function and process. The pandemic has hammered this lesson home.Asa security leader, it is incumbent upon you to ensure your team is positioned to execute on the physical security continuity plan. This takes, in part, understanding your vendor’s capabilities and their continuity plans. Your vendor’s vulnerabilities become your operational vulnerabilities. For example, just as you may be operating with reduced on-site staff during a crisis, your security vendor is likely operating under the same restrictions. That said, other than providing you with requisite security coverage, is your vendor able to provide and sustain other support functions necessary to address risk? For instance, if your 24 x 7 security control or operations center is primarily staffed with contractors, do they have the capability to go remote? Do critical security contractor staff have access to systems and equipment to facilitate remote operation in a loss of facility scenario? These are the questions that must be answered before the crisis to ensure continuity of business.
The inability to deliver on critical security services such as threat monitoring and response during times of crisis amounts to a business disruption. You must enable your security vendor by providing workaround strategies such as remote work support, just as you do for employees. Doing so will ensure you meet the needs of the business, as well as meet employee security and safety expectations.
Setting yourself up for success goes beyond the four corners of a supplier contract. Investing in and nurturing a strong partnership where your security vendor feels like a valued part of the teamis integral to success, especially during times of crisis when you need to pivot quickly. A strategic partnership, based on mutual respect and aligned goals, is foundational to vendor relationship management and a pathway to promoting safety and security.
